US20160366102A1 - Self-Configuring Key Management System For an Internet of Things Network - Google Patents
Self-Configuring Key Management System For an Internet of Things NetworkDownload PDFInfo
- Publication number
- US20160366102A1 US20160366102A1US14/968,125US201514968125AUS2016366102A1US 20160366102 A1US20160366102 A1US 20160366102A1US 201514968125 AUS201514968125 AUS 201514968125AUS 2016366102 A1US2016366102 A1US 2016366102A1
- Authority
- US
- United States
- Prior art keywords
- domain
- key management
- storage medium
- instructions
- computer readable
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000004891communicationMethods0.000claimsabstractdescription32
- 230000003993interactionEffects0.000claimsdescription19
- 238000001914filtrationMethods0.000claimsdescription4
- 230000004044responseEffects0.000claimsdescription4
- 238000012216screeningMethods0.000claimsdescription2
- 238000000034methodMethods0.000abstractdescription22
- 238000007726management methodMethods0.000description77
- 230000015654memoryEffects0.000description18
- 230000032258transportEffects0.000description13
- 238000010586diagramMethods0.000description9
- 230000008569processEffects0.000description7
- 108010007131Pulmonary Surfactant-Associated Protein BProteins0.000description6
- 102100032617Pulmonary surfactant-associated protein BHuman genes0.000description6
- 238000013459approachMethods0.000description5
- 230000006870functionEffects0.000description5
- 230000008901benefitEffects0.000description4
- 238000013500data storageMethods0.000description3
- 230000007246mechanismEffects0.000description3
- 238000012545processingMethods0.000description3
- 230000008859changeEffects0.000description2
- 230000007613environmental effectEffects0.000description2
- 230000007774longtermEffects0.000description2
- 238000012986modificationMethods0.000description2
- 230000004048modificationEffects0.000description2
- 238000012544monitoring processMethods0.000description2
- 230000003287optical effectEffects0.000description2
- GVGLGOZIDCSQPN-PVHGPHFFSA-NHeroinChemical compoundO([C@H]1[C@H](C=C[C@H]23)OC(C)=O)C4=C5[C@@]12CCN(C)[C@@H]3CC5=CC=C4OC(C)=OGVGLGOZIDCSQPN-PVHGPHFFSA-N0.000description1
- 230000006399behaviorEffects0.000description1
- 230000005540biological transmissionEffects0.000description1
- 230000015572biosynthetic processEffects0.000description1
- 238000009795derivationMethods0.000description1
- 238000013461designMethods0.000description1
- 238000005516engineering processMethods0.000description1
- 230000005012migrationEffects0.000description1
- 238000013508migrationMethods0.000description1
- 238000010295mobile communicationMethods0.000description1
- 230000006855networkingEffects0.000description1
- VYMDGNCVAMGZFE-UHFFFAOYSA-NphenylbutazonumChemical compoundO=C1C(CCCC)C(=O)N(C=2C=CC=CC=2)N1C1=CC=CC=C1VYMDGNCVAMGZFE-UHFFFAOYSA-N0.000description1
- 239000004065semiconductorSubstances0.000description1
- 239000007787solidSubstances0.000description1
- 230000003068static effectEffects0.000description1
- 230000001131transforming effectEffects0.000description1
Images
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L9/0841—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0431—Key distribution or pre-distribution; Key agreement
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0433—Key management protocols
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/18—Self-organising networks, e.g. ad-hoc networks or sensor networks
Definitions
- IoT networksmay range dramatically in size and complexity from a single sensor connected to a smart device to smart city networks having hundreds of thousands of interconnected nodes. Interoperability between these IoT networks is an issue.
- different IoT frameworksmay incorporate differing device management schemes. Those schemes may include extreme variances in approaches to network and device security. Those schemes may also use different mechanisms for scaling up or down (i.e., adding or subtracting nodes from the IoT networks) according to site specific deployment expectations.
- FIG. 1is a timing diagram illustrating a key management system in accordance with an embodiment.
- FIG. 2is a block diagram of a portion of an IoT network in accordance with an embodiment.
- FIG. 3is a common key management context structure in accordance with an embodiment.
- FIG. 4is an example key management context structure that may be used in connection with an asymmetric key.
- FIG. 5is a block diagram of an example system with which embodiments can be used.
- FIG. 6is a block diagram of a system in accordance with another embodiment of the present invention.
- FIG. 7is a block diagram of a system in accordance with another embodiment of the present invention.
- embodimentsprovide a key management system that is integrated with the dynamics of IoT network evolution. Given that IoT devices can have widely disparate compute and other capabilities (e.g., processing power and/or storage capacity), and may further have multiple dissimilar transport and network technologies, embodiments provide a common key management system that can implement symmetric cryptography, asymmetric cryptography, or both. To this end, a key management system as described herein can issue both symmetric and asymmetric keys under a common convention for organizing IoT devices and for evolving the IoT network.
- IoT devicesperform key management functions in proportion to the complexity of the network. As network complexity increases, key management duties expand to accommodate need. Key management duties can be assignable by role privileges that may be assigned as part of on-boarding a device into the network.
- This key management modelallows both ad-hoc and introducer models for extending a network. Nevertheless, both models share the same mechanisms for assigning context (e.g., administrative realm, publish-subscribe topic) to keys. This allows a credential that originated using an ad-hoc key agreement protocol (e.g. Diffie-Hellman or PAKE) to be used with a device that understands introducer methods (e.g. PKI, Kerberos) and vice versa.
- an ad-hoc key agreement protocole.g. Diffie-Hellman or PAKE
- introducer methodse.g. PKI, Kerberos
- both symmetric and asymmetric keysmay be included in a credential so that the constraints of the underlying transport and network layers may be accommodated if security is applied at lower layers. If security is applied at the application layer, the same credentials may be used having consistent security, scope and use semantics.
- IoT frameworkssuch as the Open Interconnect Consortium (OIC) and PC networking framework WinSOCK define a multi-protocol transport or session layering scheme where one type of security is assumed by a first transport and a second type of security is assumed by a second transport.
- OICOpen Interconnect Consortium
- WinSOCKPC networking framework
- an embodiment of a key management systemcan be instantiated on a single network node and expand to be shared across multiple nodes as new nodes are added to a network.
- the key management system(or a given one of multiple instantiated key management devices of the system) can issue credentials that may be used to authenticate and protect devices, data, network services, network zones and various grouping constructs.
- Embodimentsmay integrate multiple approaches under a common infrastructure and provide a mechanism for delegating various IoT behaviors including publish-subscribe, peer-peer, network management and key management function to its members.
- embodimentscan enable use of asymmetric keys (such as typically managed using Public Key Infrastructure (PKI)), symmetric keys (such as typically managed using Kerberos), and further enable ad hoc approaches to key management such as using Diffie-Hellman key agreement to produce symmetric keys between network peers.
- PKIPublic Key Infrastructure
- KerberosKerberos
- embodimentsprovide a common framework for interoperability and migration between these different approaches to key management.
- FIG. 1shown is a process 100 illustrating a key management system in accordance with an embodiment.
- a key management system D 1which may be a server computer or any other type of computing device, bootstraps an IoT network using both ad hoc and third party introduction techniques. More specifically, FIG. 1 shows a timing illustration of key management operations for a plurality of devices in an IoT network accordance with an embodiment.
- an initial key management system D 1e.g., Smartphone
- a new device D 2is introduced and an ad hoc key management process (block 101 ) is performed to provide one or more keys (a symmetric key, an asymmetric key, or both) to device D 2 in a common key management context structure.
- This ad hoc key establishmentmay occur via a Diffie-Hellman key exchange, and the like.
- a new device D 3is introduced to D 1 and an ad hoc key management process (block 102 ) is performed to provide one or more keys (a symmetric key, an asymmetric key, or both) to device D 3 in a common key management context structure.
- device D 3is also introduced (as a zone controller) to device D 2 (block 103 ).
- an embodimentis based on the Fluffy key management system.
- D 3may be introduced to the first domain, to which D 1 is the domain controller, by sending a request “PSK-REQ” to a key manager (e.g., device D 1 ) for a ticket.
- an example of a “request” and a “reply”include “GS K-REQ”/“PS K-REQ” and “GS K-REP”/“PS K-REP”, however “GS K-FET”/“PSK-FET” may also be considered a request and “GSK-DEL”/“PSK-DEL” may also be considered a reply. Further details regarding such requests and replies are located at, for example, https://tools.ietf.org/id/draft-hardjono-ace-fluffy-00***txt (see also (see ***https://datatracker.ietf.org/doc/draft-hardjono-ace-fluffy/ for version 01).
- the reply to such a requestmay use a client permissions field (cpac: the permissions and access control (PAC) structure containing permissions granted to a client associated with a key enclosed key in receipt sent to the client).
- PACpermissions and access control
- the same toolse.g., access controls structures
- D 2 and D 3can communicate directly (block 104 ). Therefore, blocks 101 , 102 include ad hoc exchanges while block 103 includes an introducer method to introduce two nodes. This intruder method will be further explained with an embodiment addressed in FIG. 2 .
- another device D 4is introduced into the IoT network (block 105 ).
- device D 3which is a zone controller, performs an ad hoc key establishment process with this device such that thereafter devices D 2 and D 4 can interact directly (block 107 ), after device D 3 introduces device D 4 to D 2 (block 106 ).
- D 4 and D 2are introduced to each other as clients (e.g., using tickets and receipts with access control lists and “cpac” designations, if using the Fluffy protocol, designated D 2 and D 4 as clients).
- new devicesmay be delegated a key management responsibility (e.g., device D 3 is provisioned dynamically as a zone controller at block 103 of FIG. 1 ).
- Other devicesmay be introduced as peers (e.g., block 106 of FIG. 1 ) that may interact directly using supplied credentials.
- credentialsmay be used to assign other roles (e.g., something other than “zone controller” or “client” as shown in FIG. 1 ) meaningful in the context of an IoT application/function.
- devicesmay cooperate in the context of a publish-subscribe interaction where some devices may be given a publisher role while other devices may be assigned a subscriber role, and still other devices provided a broker role (e.g., using the “pac” designation if the Fluffy protocol is used).
- All rolesmay be issued under a credential that specifies a topic of interaction (e.g., using “crlm” or “crealm” realm entry if the Fluffy protocol is used) such that off-topic interactions may require a different credential, allowing the devices to function in different roles for the other topic.
- a credentialthat specifies a topic of interaction (e.g., using “crlm” or “crealm” realm entry if the Fluffy protocol is used) such that off-topic interactions may require a different credential, allowing the devices to function in different roles for the other topic.
- a network topologycan be flexibly partitioned to allow intra-zone interactions to receive minimal intermediation to apply security, privacy and safety constraints. Stated another way, a flexible re-intermediation of key management between various domains and zones may occur. Understand that a domain is a logical collection of devices under a common administrative control. In turn, a zone is a logical construct within a given domain to enable scaling of key management within the domain to logically combine a smaller collection of devices to work within a common boundary, referred to as a zone.
- various security policiesmay be identified on a zone or domain basis.
- free interactionmay occur within a zone, while some type of security policy may be enforced on communications between zones.
- greater security policiesmay be enforced for communications between different domains.
- embodimentsprovide flexible and dynamic scaling of security in IoT networks, while enabling peer-to-peer communication between devices within one or more zones within a domain, as well as between devices present in one or more different zones of different domains.
- domain Athat includes a domain controller A, which may be a simple key distribution center (SKDC), underneath which a zone controller A is provided (which also may be a SKDC), which in turn interacts with a client IoT device of the same domain and zone.
- SKDCsimple key distribution center
- zone controller Awhich also may be a SKDC
- Similar devicesare present in a second domain B.
- domain Bincludes a domain controller B, which may be a SKDC, underneath which a zone controller B is provided (which also may be a SKDC), which in turn interacts with a client IoT device of the same domain and zone.
- a requestcan be initiated from client A to its zone controller and domain controller (blocks 202 , 203 ) to in turn receive a ticket and a receipt (blocks 205 , 206 , 207 , 208 ) that includes security credentials to control the interaction between these devices.
- client Aunderstands it is to communicate outside its domain via its known hierarchy, the Zone Controller A and the Domain Controller A.
- Client Amay form a request, such as “PSK-REQ” in the Fluffy protocol, (block 201 ).
- the requestmay include fields such as, for example, Key Type (kty)(this denotes the type of key being requested by the sender (client or SP) of the request), Desired algorithm (etype)(this is the algorithm that is desired (or supported) by the sender of the request (client or SP); SKDC options (these are flags that are intended for the SKDC only); SKDCs realm (skdcrealm) (this the name of the realm, domain or zone of the SKDC); SKDC's identity (skdcname)(this is the identity of the SKDC); Service principal's realm (sprealm)(this the name of the realm, domain or zone of the service principal in a PSK-REQ message.
- Key Typee.g., this is the type of key being requested by the sender (client or SP) of the request
- Desired algorithmetype
- SKDC optionsthese are flags that are intended for the SKDC only
- SKDCs realmskdcrealm
- a GSK-REQ messageit is the realm of the multicast group); Service principal's identity (spname)(in a PSK-REQ message this is the identity of the service principal. In a GSK-REQ message it is the identity or name of the multicast group); Client permissions (cpac)(in a PSK-REQ message this is the permissions desired by the client for itself. In a GSK-REQ message this is the permissions desired by the client for the multicast group).
- Analogous fields in non-Fluffy protocolsmay serve the same purpose.
- the requestmay be forwarded along to Domain Controller B and Zone Controller B (blocks 202 , 203 , 204 ) based on the “sprealm” field indicating SP B is the desired party.
- a replymay be formed, such as “PSK-REP” including a miniticket contains the following (see FIG. 3 ): Issuing SKDC's realm (skdcrealm)(this the name of the realm, domain or zone of the SKDC that issued this miniticket)( 304 ); Issuing SKDC's identity (skdcname)(this is the identity of the SKDC that issued this miniticket); Service principal's realm (sprealm)(this the name of the realm, domain or zone of the service principal for whom this miniticket is destined)( 306 ); Service Principal's identity (spname)(this is the identity of the service principal for whom this miniticket is destined)( 305 ); Encrypted miniticket part (enc-part)(this is the encrypted part of the miniticket intended for the service principal.
- the encrypted partcontains the following (see Fluffy protocol for more details): Client's realm (crealm)(this the name of the realm, domain or zone of the client with whom the receiver of this miniticket shares the enclosed key)( 308 ); Client's identity (cname)(this is the identity of the client with whom the receiver of this miniticket shares the enclosed key)( 309 ); Client permissions (cpac)(this is the permissions and access control (PAC) structure containing permissions granted to the client associated with the enclosed key, and through which inter-domain security policies may be enforced)( 310 ); Time of authentication (authtime)(this is the time at the SKDC when it created this miniticket in response to a request); Expiration time of key (endtime)(this is the expiration time of the key in this miniticket)( 311 ); Service principal permissions (sppac): (this is the permissions and access control (PAC) structure granted to
- This fieldis used for cross-realm ticket issuance and may include, for example, Zone Controller B and Domain Controller B)( 313 ); Key data (keydata)(this fields contains the key-data structure that carries the cryptographic key and other parameters necessary for operating the key)( 314 ).
- This areamay include a symmetric key, a public and private key pair, a public key, and/or combinations thereof.
- Receipt 303may also be returned at blocks 205 , 206 , 207 , 208 , 209 .
- Receipt fields 304 ′, 305 ′, 306 ′, 314 ′, 311 ′, 310 ′are analogous to fields 304 , 305 , 306 , 314 , 311 , 310 of ticket 302 .
- the miniticketis created by the SKDC (e.g., Zone Controller B) and is intended for the service principal (SP B) (although it is delivered via Client A, which initiates the process with the PSK-REQ message).
- the SKDCresponds to the client by sending a PSK-Response (PSK-REP) message containing the miniticket and a receipt.
- PSK-REPPSK-Response
- the miniticketcontains a copy of the encryption key to be delivered to the service principal by the client in a PSK-Establish (PSK-ESTB) message.
- PSK-ESTBPSK-Establish
- the sensitive parts (enc-part) of the miniticketare encrypted using the service principal's secret key (which it shares pair-wise with the SKDC).
- the receiptis created by the SKDC (e.g., Zone Controller B) and is used for the SKDC to deliver a key to a requesting party (be it client, service principal or multicast group members).
- FIG. 4includes an analogous container but provides an asymmetric pair to Client A.
- reply 401is analogous to reply 301 .
- Reply 401includes fields 404 , 405 , 406 , 414 , 411 , 410 , 415 that are analogous to fields 304 ′, 305 ′, 306 ′, 314 ′, 311 ′, 310 ′, 315 ′ (which field 415 including a key pair instead of a symmetric key).
- SP Bmay inquire with Zone Controller B for a public key corresponding to the asymmetric pair (or a miniticket may be used as described in the Fluffy protocol).
- both client devicesmay include logic to enforce policy associated with the given devices as identified in the common key management structure that provides appropriate keys for controlling the communications.
- the enforcement point for applying security policyis in the endpoint devices themselves, reducing complexity and network interaction.
- a key provided in such structurecan be used to bind a security policy and to create a secure channel between the devices which may be used for further communications.
- security monitoring 210 and ACL enforcement and privacy filtering 211may be tied to keys (see ticket of block 209 ) via cpac 310 ′, 310 and sppac 312 .
- the common key management structurecan be used as a generic ticket format that can be used for data exchanges. In this way, the complexity of setting up an independent TLS session between devices to send the data can be avoided.
- datacan be securely containerized within this common key management structure (see FIGS. 3 and 4 ) and header information within the key management structure can be used to appropriately route packets of a given data communication.
- a secure data channelcan be established between devices responsive to the request for inter-domain (and inter-zone) interaction between the two IoT devices. Inter-zone and inter-domain interactions may require additional vetting when IoT devices cross zonal and domain boundaries. As such, inter-zonal and/or inter-domain interactions may receive added scrutiny as part of key issuance (see, e.g., elements 210 , 211 ).
- Embodimentsmay include a scenario where a Client B initiates a connection to Client A where a session is established without first obtaining a domain (zone) ticket and receipt.
- Security enforcement logicmay require dynamically obtaining said ticket and receipt but may omit issuance of a session key by a SKDC, instead allowing use of the ephemeral session key as the ticket prescribes.
- a security benefit of this approachis the SKDC need not be hardened for key storage as a trusted third party.
- a second benefitis that the session key may be managed more precisely having a ticket context and validity that supersedes a caching policy of an ephemeral session key.
- the ticketmay further prescribe a method for transforming the ephemeral session key into a long-term key using a key derivation function that accepts as input the ephemeral key and attributes of the ticket.
- a first domainmay need to establish a secure channel with a second domain with who it does not share a pre-existing trust relationship (e.g., there is no presumption of a common PKI or common Kerberos server).
- the domainswill need to perform an ad-hoc key agreement using Diffie-Hellman or PAKE (password authenticated key exchange).
- Diffie-Hellman or PAKEpassword authenticated key exchange
- Embodimentsmay include receiving a receipt or ticket containing a public asymmetric key (e.g., FIG. 4 ) identifying a Client B that may be used to validate a signature created by Client B in connection with a session establishment to Client A.
- the receipt or ticketmay contain similar attributes as described in other embodiments of a ticket or receipt so that a security processor may consistently apply a security policy according to a well-defined domain or zone context.
- any zonal and domain considerationscan be captured as policies that are applied at the point of interaction between endpoints.
- Client-A device and SP-B devicemay engage in inter-domain interactions, while applying appropriate policies.
- policiesmay include, as representative examples, applying data filtering, device monitoring, bandwidth reservations, and the like to ensure privacy, security and safety objectives for the respective organizations and context are appropriately applied.
- Embodimentsmay use a common key management context structure that accommodates both symmetric and asymmetric key types.
- a request messagecaptures the network topology context including the zone or domain authority, specific devices having domain/zone authority and constraints of key usage based on the role, topic or informational context.
- the structure(which may be provided by a given key management entity to a client device responsive to a request (e.g., for interaction with another device in an IoT network)) may be for a symmetric key.
- a given key management entityto a client device responsive to a request (e.g., for interaction with another device in an IoT network)
- other embodimentsprovide for issuance of both symmetric and asymmetric keys under the common context. This allows the same credential to be flexibly applied when application, network and transport circumstances call for one or the other cryptographic method.
- key management context structure 400may be used in connection with an asymmetric key. Note that the structure further facilitates provisioning of credentials that may be used to authenticate, encrypt and integrity protect the device or data as appropriate for the intended use, whether symmetric or asymmetric cryptography is supported natively.
- a key management systemis self-configuring as the IoT network increases in numbers of devices.
- an initial key management devicemay dynamically assign key management roles to other devices (e.g., D 1 assigning Zone Controller role to D 3 at t 3 ). This may occur as a first device, such as D 1 , becomes overwhelmed and needs to shed some management responsibilities.
- this initial devicee.g., D 1
- another devicee.g., D 3
- can dynamically assign key management roles for delegating key management taskse.g., to one or more additional domain and/or zone controllers such that, for example, D 3 could have determined D 4 was a zone controller for a topic instead of a mere client.
- the key management systemmay further dynamically assign publish-subscribe, group formation, and other interaction patters of IoT networks.
- both symmetric and asymmetric keyscan be used in equivalent circumstances for authentication and protection of devices and/or data.
- Embodimentsmay further use a key management system to define a network topology of inter-zonal and inter-domain interaction points where security, safety and privacy considerations may be controlled at the request to cross such boundaries (but before the connection that enables such boundary crossings is established).
- a request by Client A to communicate with SP Bindicates (based on headers such as “sprealm”) that a cross-domain communication is desired so any key to facilitate such communication may be based (e.g., sppac and cpac) on the need for policies to be complied with before other communications occur.
- the key management systemmay be configured to automatically revoke or rescind roles, privileges and access based on an expiration value (e.g., element 311 ) and contextual change (e.g., change to crealm 308 or sprealm 306 ).
- an expiration valuee.g., element 311
- contextual changee.g., change to crealm 308 or sprealm 306 .
- the techniques described hereinmay be implemented within a trusted execution environment (TEE) such as Intel® SGX, Intel® MemCore, Intel® CSE, Intel® VT-X, Intel® IOT-OS with Smack, or ARM TrustZone, etc. to perform security operations as described herein.
- TEEtrusted execution environment
- system 900may be a smartphone or other wireless communicator or any other IoT device.
- a baseband processor 905is configured to perform various signal processing with regard to communication signals to be transmitted from or received by the system.
- baseband processor 905is coupled to an application processor 910 , which may be a main CPU of the system to execute an OS and other system software, in addition to user applications such as many well-known social media and multimedia apps.
- Application processor 910may further be configured to perform a variety of other computing operations for the device.
- application processor 910can couple to a user interface/display 920 , e.g., a touch screen display.
- application processor 910may couple to a memory system including a non-volatile memory, namely a flash memory 930 and a system memory, namely a DRAM 935 .
- flash memory 930may include a secure portion 932 in which secrets and other sensitive information may be stored.
- application processor 910also couples to a capture device 945 such as one or more image capture devices that can record video and/or still images.
- a universal integrated circuit card (UICC) 940comprises a subscriber identity module, which in some embodiments includes a secure storage 942 to store secure user information.
- System 900may further include a security processor 950 that may couple to application processor 910 .
- a plurality of sensors 925including one or more multi-axis accelerometers may couple to application processor 910 to enable input of a variety of sensed information such as motion and other environmental information.
- one or more authentication devices 995may be used to receive, e.g., user biometric input for use in authentication operations.
- a near field communication (NFC) contactless interface 960is provided that communicates in a NFC near field via an NFC antenna 965 . While separate antennae are shown in FIG. 5 , understand that in some implementations one antenna or a different set of antennae may be provided to enable various wireless functionalities.
- NFCnear field communication
- a power management integrated circuit (PMIC) 915couples to application processor 910 to perform platform level power management. To this end, PMIC 915 may issue power management requests to application processor 910 to enter certain low power states as desired. Furthermore, based on platform constraints, PMIC 915 may also control the power level of other components of system 900 .
- a radio frequency (RF) transceiver 970 and a wireless local area network (WLAN) transceiver 975may be present.
- RF transceiver 970may be used to receive and transmit wireless data and calls according to a given wireless communication protocol such as 3G or 4G wireless communication protocol such as in accordance with a code division multiple access (CDMA), global system for mobile communication (GSM), long term evolution (LTE) or other protocol.
- CDMAcode division multiple access
- GSMglobal system for mobile communication
- LTElong term evolution
- GPS sensor 980may be present, with location information being provided to security processor 950 for use as described herein when context information is to be used in a pairing process.
- wireless communicationssuch as receipt or transmission of radio signals, e.g., AM/FM and other signals may also be provided.
- WLAN transceiver 975local wireless communications, such as according to a BluetoothTM or IEEE 802.11 standard can also be realized.
- multiprocessor system 1000is a point-to-point interconnect system such as a server system, and includes a first processor 1070 and a second processor 1080 coupled via a point-to-point interconnect 1050 .
- processors 1070 and 1080may be multicore processors such as SoCs, including first and second processor cores (i.e., processor cores 1074 a and 1074 b and processor cores 1084 a and 1084 b ), although potentially many more cores may be present in the processors.
- processors 1070 and 1080each may include a secure engine 1075 and 1085 to perform security operations such as key management, attestations, IoT network onboarding or so forth.
- first processor 1070further includes a memory controller hub (MCH) 1072 and point-to-point (P-P) interfaces 1076 and 1078 .
- second processor 1080includes a MCH 1082 and P-P interfaces 1086 and 1088 .
- MCH's 1072 and 1082couple the processors to respective memories, namely a memory 1032 and a memory 1034 , which may be portions of main memory (e.g., a DRAM) locally attached to the respective processors.
- First processor 1070 and second processor 1080may be coupled to a chipset 1090 via P-P interconnects 1052 and 1054 , respectively.
- chipset 1090includes P-P interfaces 1094 and 1098 .
- chipset 1090includes an interface 1092 to couple chipset 1090 with a high performance graphics engine 1038 , by a P-P interconnect 1039 .
- chipset 1090may be coupled to a first bus 1016 via an interface 1096 .
- various input/output (I/O) devices 1014may be coupled to first bus 1016 , along with a bus bridge 1018 which couples first bus 1016 to a second bus 1020 .
- Various devicesmay be coupled to second bus 1020 including, for example, a keyboard/mouse 1022 , communication devices 1026 and a data storage unit 1028 such as a non-volatile storage or other mass storage device.
- data storage unit 1028may include code 1030 , in one embodiment.
- data storage unit 1028also includes a trusted storage 1029 to store sensitive information to be protected.
- an audio I/O 1024may be coupled to second bus 1020 .
- module 1300may be an Intel® CurieTM module that includes multiple components adapted within a single small module that can be implemented as all or part of a wearable device.
- module 1300includes a core 1310 (of course in other embodiments more than one core may be present).
- core 1310may be a relatively low complexity in-order core, such as based on an Intel Architecture® QuarkTM design.
- core 1310may implement a TEE as described herein.
- Core 1310couples to various components including a sensor hub 1320 , which may be configured to interact with a plurality of sensors 1380 , such as one or more biometric, motion environmental or other sensors.
- a power delivery circuit 1330is present, along with a non-volatile storage 1340 .
- this circuitmay include a rechargeable battery and a recharging circuit, which may in one embodiment receive charging power wirelessly.
- One or more input/output (IO) interfaces 1350such as one or more interfaces compatible with one or more of USB/SPI/I2C/GPIO protocols, may be present.
- a wireless transceiver 1390which may be a BluetoothTM low energy or other short-range wireless transceiver is present to enable wireless communications as described herein. Understand that in different implementations a wearable module can take many other forms. Wearable and/or IoT devices have, in comparison with a typical general purpose CPU or a GPU, a small form factor, low power requirements, limited instruction sets, relatively slow computation throughput, or any of the above.
- Embodimentsmay be used in many different types of systems.
- a communication devicecan be arranged to perform the various methods and techniques described herein.
- the scope of the present inventionis not limited to a communication device, and instead other embodiments can be directed to other types of apparatus for processing instructions, or one or more machine readable media including instructions that in response to being executed on a computing device, cause the device to carry out one or more of the methods and techniques described herein.
- Embodimentsmay be implemented in code and may be stored on a non-transitory storage medium having stored thereon instructions which can be used to program a system to perform the instructions. Embodiments also may be implemented in data and may be stored on a non-transitory storage medium, which if used by at least one machine, causes the at least one machine to fabricate at least one integrated circuit to perform one or more operations.
- the storage mediummay include, but is not limited to, any type of disk including floppy disks, optical disks, solid state drives (SSDs), compact disk read-only memories (CD-ROMs), compact disk rewritables (CD-RWs), and magneto-optical disks, semiconductor devices such as read-only memories (ROMs), random access memories (RAMs) such as dynamic random access memories (DRAMs), static random access memories (SRAMs), erasable programmable read-only memories (EPROMs), flash memories, electrically erasable programmable read-only memories (EEPROMs), magnetic or optical cards, or any other type of media suitable for storing electronic instructions.
- ROMsread-only memories
- RAMsrandom access memories
- DRAMsdynamic random access memories
- SRAMsstatic random access memories
- EPROMserasable programmable read-only memories
- EEPROMselectrically erasable programmable read-only memories
- magnetic or optical cardsor any other type of media suitable for storing electronic instructions.
- Example 1includes at least one computer readable storage medium comprising instructions that when executed enable a system to: receive, in a first device, at least one of a first symmetric key and a first asymmetric key in a common key management structure, the common key management structure to accommodate asymmetric keys and symmetric keys, and further including security policy information to enable communication between the first device of a first domain of an Internet of Things (IoT) network and a second device of a second domain of the IoT network according to an inter-domain security policy; and send a first message directly from the first device to the second device according to the security policy information of the common key management structure.
- IoTInternet of Things
- Example 2the subject matter of the Example 1 can optionally include instructions that when executed enable the system to dynamically scale the IoT network by dynamically instantiating at least one zone controller for a first zone of the IoT network, the first zone including the first device.
- Example 3the subject matter of the Examples 1-2 can optionally include instructions that when executed enable the system to dynamically scale the IoT network by dynamically instantiating at least one domain controller for the first domain, which includes the first device.
- Example 4the subject matter of the Examples 1-3 can optionally include wherein the at least one domain controller comprises a key management system.
- the subject matter of the Examples 1-4can optionally include further comprising instructions that when executed enable the system to dynamically instantiate the first device as at least one of a domain controller for the first domain, a zone controller for a first zone of the first domain, and a client of the first domain.
- Example 6the subject matter of the Examples 1-5 can optionally include further comprising instructions that when executed enable the first device to dynamically instantiate a third device as at least one of a zone controller of the first domain and a client of the first domain.
- Example 7the subject matter of the Examples 1-6 can optionally include further comprising instructions that when executed enable the system to, in response to the first device receiving at an additional instance of the common key management structure, dynamically instantiate the first device as at least one of a domain controller for the first domain, a zone controller for a first zone of the first domain, and a client of the first domain.
- the subject matter of the Examples 1-7can optionally include instructions that when executed enable the system to: for a first publication-subscription topic, dynamically instantiate the first device as at least one of a domain controller for the first domain, a zone controller for a first zone of the first domain, and a client of the first domain; and for a second publication-subscription topic, dynamically instantiate the first device as at least one of a domain controller for at least one of the first domain and an additional domain, a zone controller for at least one of the first zone and an additional zone of the additional domain, and a client for at least one of the first domain and the additional domain.
- Example 9the subject matter of the Examples 1-8 can optionally include instructions that when executed enable the system to: receive a second message in the first device directly from the second device; and enforce, in the first device, the inter-domain security policy with regard to the second message.
- the subject matter of the Examples 1-9can optionally include instructions that when executed enable the system to: receive a third message in the first device directly from a third device; and enforce, in the first device, an intra-domain security policy with regard to the third message; wherein (a) the intra-domain and inter-domain policies are not equal to each other; and (b) the first and third devices, but not the second device, are included in a first domain.
- the subject matter of the Examples 1-10can optionally include wherein the inter-domain policy corresponds to at least one of data filtering, malware screening, and bandwidth reservations.
- Example 12the subject matter of the Examples 1-11 can optionally include instructions that when executed enable the system to receive the common key management structure from a first zone controller, the first zone controller dynamically assigned a key management role from an initial key management system of the IoT network.
- Example 13the subject matter of the Examples 1-12 can optionally include wherein the first zone controller and the first device are both included in the first domain, which does not include the second device.
- the subject matter of the Examples 1-13can optionally include instructions that when executed enable the system to: encrypt, in the first device, the first message using the first symmetric key; and send, directly from the first device to the second device, an additional instance of the first symmetric key; wherein (a) the additional instance of the first symmetric key is encrypted based on keys shared between the second device and a third device but not the first device; and (b) the second and third devices are each included in the second domain, which does not include the first device.
- the subject matter of the Examples 1-14can optionally include wherein (a) the first domain is a logical collection of devices, including the first device, under a common administrative control administered by at least one of the collection of devices, and (b) a zone is a logical subset of the devices under a common administrative control administered by at least one of the subset of the devices.
- Example 16the subject matter of the Examples 1-15 can optionally include instructions that when executed enable the system to receive the common key management structure from a key management system responsive to a request from the first device to interact with the second device.
- Example 17the subject matter of the Example 1-16 can optionally include instructions that when executed enable the system to cause the common key management structure to expire according to expiration information of the common key management structure, and thereafter prevent interaction between the first device and the second device.
- Example 18the subject matter of the Examples 1-17 can optionally include instructions that when executed enable the system to: receive, in the first device, the first symmetric key in the common key management structure included in a first communication; and receive, in the first device, the first asymmetric key in the common key management structure included in a second communication.
- the subject matter of the Examples 1-18can optionally include wherein the first symmetric key corresponds to a first encryption protocol and the first asymmetric key corresponds to a second encryption protocol unequal to the first encryption protocol.
- Example 20the subject matter of the Examples 1-19 can optionally include instructions that when executed enable the system to receive, in the first device, the first symmetric key and the first asymmetric key in the common key management structure.
- the subject matter of the Examples 1-20can optionally include instructions that when executed enable the system to: receive, in the first device, the first asymmetric key in the common key management structure; and encrypt, in the first device, the first message using the first asymmetric key.
- Example 22the subject matter of the Examples 1-21 can optionally include instructions that when executed enable the system to send the first message in a data portion of a second common key management structure.
- Example 23includes a first device comprising: at least one hardware processor to execute instructions; at least one network interface to enable the at least one hardware processor to communicate with second and third computing nodes coupled in an Internet of Things (IoT); at least one non-transitory storage medium having instructions stored thereon for causing the at least one hardware processor of the first device to: receive at least one of a first symmetric key and a first asymmetric key in a common key management structure, the common key management structure to accommodate asymmetric keys and symmetric keys, wherein the common key management structure includes security policy information to enable communication between the first device of a first domain of an Internet of Things (IoT) network and a second device of a second domain of the IoT network according to an inter-domain security policy; and send a first message directly to the second device according to the security policy information of the common key management structure.
- IoTInternet of Things
- Example 24the subject matter of the Example 23 can optionally include The first device of claim 23 , the at least one medium further comprising instructions that when executed enable the first device to dynamically instantiate at least one zone controller for a first zone of the IoT network, the first zone including the first device.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Mobile Radio Communication Systems (AREA)
- Storage Device Security (AREA)
Abstract
Description
- This application claims priority to U.S. Provisional Patent Application No. 62/195,409 filed on Jul. 22, 2015 and entitled “A SELF-CONFIGURING KEY MANAGEMENT SYSTEM FOR AN INTERNET OF THINGS NETWORK”, the content of which is hereby incorporated by reference. Furthermore, this application claims priority to U.S. Provisional Patent Application No. 62/172,893 filed on Jun. 9, 2015 and entitled “SYSTEM, APPARATUS AND METHOD FOR MANAGING LIFECYCLE OF SECURE PUBLISH-SUBSCRIBE SYSTEM”, the content of which is hereby incorporated by reference.
- Internet of Things (IoT) networks may range dramatically in size and complexity from a single sensor connected to a smart device to smart city networks having hundreds of thousands of interconnected nodes. Interoperability between these IoT networks is an issue. For example, different IoT frameworks may incorporate differing device management schemes. Those schemes may include extreme variances in approaches to network and device security. Those schemes may also use different mechanisms for scaling up or down (i.e., adding or subtracting nodes from the IoT networks) according to site specific deployment expectations.
- Features and advantages of embodiments of the present invention will become apparent from the appended claims, the following detailed description of one or more example embodiments, and the corresponding figures. Where considered appropriate, reference labels have been repeated among the figures to indicate corresponding or analogous elements.
FIG. 1 is a timing diagram illustrating a key management system in accordance with an embodiment.FIG. 2 is a block diagram of a portion of an IoT network in accordance with an embodiment.FIG. 3 is a common key management context structure in accordance with an embodiment.FIG. 4 is an example key management context structure that may be used in connection with an asymmetric key.FIG. 5 is a block diagram of an example system with which embodiments can be used.FIG. 6 is a block diagram of a system in accordance with another embodiment of the present invention.FIG. 7 is a block diagram of a system in accordance with another embodiment of the present invention.- In the following description, numerous specific details are set forth but embodiments of the invention may be practiced without these specific details. Well-known circuits, structures and techniques have not been shown in detail to avoid obscuring an understanding of this description. “An embodiment”, “various embodiments” and the like indicate embodiment(s) so described may include particular features, structures, or characteristics, but not every embodiment necessarily includes the particular features, structures, or characteristics. Some embodiments may have some, all, or none of the features described for other embodiments. “First”, “second”, “third” and the like describe a common object and indicate different instances of like objects are being referred to. Such adjectives do not imply objects so described must be in a given sequence, either temporally, spatially, in ranking, or in any other manner.
- In various embodiments, techniques are provided to enable scalable key management in an IoT network. This allows for secure IoT networks even as those networks grow in size (e.g., number of nodes), complexity (e.g., hierarchies of command among the nodes), and diversity (e.g., IoT network having different nodes from different vendors). More specifically, embodiments provide a key management system that is integrated with the dynamics of IoT network evolution. Given that IoT devices can have widely disparate compute and other capabilities (e.g., processing power and/or storage capacity), and may further have multiple dissimilar transport and network technologies, embodiments provide a common key management system that can implement symmetric cryptography, asymmetric cryptography, or both. To this end, a key management system as described herein can issue both symmetric and asymmetric keys under a common convention for organizing IoT devices and for evolving the IoT network.
- In an embodiment IoT devices perform key management functions in proportion to the complexity of the network. As network complexity increases, key management duties expand to accommodate need. Key management duties can be assignable by role privileges that may be assigned as part of on-boarding a device into the network. This key management model allows both ad-hoc and introducer models for extending a network. Nevertheless, both models share the same mechanisms for assigning context (e.g., administrative realm, publish-subscribe topic) to keys. This allows a credential that originated using an ad-hoc key agreement protocol (e.g. Diffie-Hellman or PAKE) to be used with a device that understands introducer methods (e.g. PKI, Kerberos) and vice versa.
- In some embodiments, both symmetric and asymmetric keys may be included in a credential so that the constraints of the underlying transport and network layers may be accommodated if security is applied at lower layers. If security is applied at the application layer, the same credentials may be used having consistent security, scope and use semantics.
- For example, IoT frameworks such as the Open Interconnect Consortium (OIC) and PC networking framework WinSOCK define a multi-protocol transport or session layering scheme where one type of security is assumed by a first transport and a second type of security is assumed by a second transport. In a scenario where a first IoT device using a first transport connects to a second IoT device supporting both a first and a second transport, the second IoT device will select the credential (symmetric) that enables secure communication with the first device. Whereas, a third IoT device using a second transport will require the 2nd IoT device to select the credential (certificate) suited for the second transport. If a system of devices supporting multiple transports have occasion to connect where there are multiple transports in common, a selection or negotiation of which transport and which credential to use is made. This leads to the case where devices will have multiple credentials that enable secure communication to the same peer device which may lead to a negotiation over which credential type shall be used for a given connection. In such an environment, consistency of security context across differing credential types is necessary to ensure security policies are uniformly applied.
- Note that an embodiment of a key management system can be instantiated on a single network node and expand to be shared across multiple nodes as new nodes are added to a network. The key management system (or a given one of multiple instantiated key management devices of the system) can issue credentials that may be used to authenticate and protect devices, data, network services, network zones and various grouping constructs.
- Embodiments may integrate multiple approaches under a common infrastructure and provide a mechanism for delegating various IoT behaviors including publish-subscribe, peer-peer, network management and key management function to its members. As such, embodiments can enable use of asymmetric keys (such as typically managed using Public Key Infrastructure (PKI)), symmetric keys (such as typically managed using Kerberos), and further enable ad hoc approaches to key management such as using Diffie-Hellman key agreement to produce symmetric keys between network peers. Thus, embodiments provide a common framework for interoperability and migration between these different approaches to key management.
- Referring now to
FIG. 1 , shown is aprocess 100 illustrating a key management system in accordance with an embodiment. As seen inFIG. 1 , a key management system D1, which may be a server computer or any other type of computing device, bootstraps an IoT network using both ad hoc and third party introduction techniques. More specifically,FIG. 1 shows a timing illustration of key management operations for a plurality of devices in an IoT network accordance with an embodiment. - In the particular implementation shown, assume an initial key management system D1 (e.g., Smartphone) possesses all key management roles at time t1. Thereafter, at time t2 a new device D2 is introduced and an ad hoc key management process (block101) is performed to provide one or more keys (a symmetric key, an asymmetric key, or both) to device D2 in a common key management context structure. This ad hoc key establishment may occur via a Diffie-Hellman key exchange, and the like.
- At time t3 a new device D3 is introduced to D1 and an ad hoc key management process (block102) is performed to provide one or more keys (a symmetric key, an asymmetric key, or both) to device D3 in a common key management context structure. At time t3, device D3 is also introduced (as a zone controller) to device D2 (block103). For example, an embodiment is based on the Fluffy key management system. For example, D3 may be introduced to the first domain, to which D1 is the domain controller, by sending a request “PSK-REQ” to a key manager (e.g., device D1) for a ticket. As used herein, an example of a “request” and a “reply” include “GS K-REQ”/“PS K-REQ” and “GS K-REP”/“PS K-REP”, however “GS K-FET”/“PSK-FET” may also be considered a request and “GSK-DEL”/“PSK-DEL” may also be considered a reply. Further details regarding such requests and replies are located at, for example, https://tools.ietf.org/id/draft-hardjono-ace-fluffy-00***txt (see also (see ***https://datatracker.ietf.org/doc/draft-hardjono-ace-fluffy/ for version 01). The reply to such a request may use a client permissions field (cpac: the permissions and access control (PAC) structure containing permissions granted to a client associated with a key enclosed key in receipt sent to the client). The same tools (e.g., access controls structures) may be used to designate D2 as a mere client in zone controlled by Zone Controller D3. Afterwards, D2 and D3 can communicate directly (block104). Therefore,
blocks block 103 includes an introducer method to introduce two nodes. This intruder method will be further explained with an embodiment addressed inFIG. 2 . - Then at a still later time t4, another device D4 is introduced into the IoT network (block105). Specifically, device D3, which is a zone controller, performs an ad hoc key establishment process with this device such that thereafter devices D2 and D4 can interact directly (block107), after device D3 introduces device D4 to D2 (block106). D4 and D2 are introduced to each other as clients (e.g., using tickets and receipts with access control lists and “cpac” designations, if using the Fluffy protocol, designated D2 and D4 as clients).
- Understand while shown with these particular examples in
FIG. 1 , other interactions and key management flows can occur. - As the network grows in complexity, new devices may be delegated a key management responsibility (e.g., device D3 is provisioned dynamically as a zone controller at
block 103 ofFIG. 1 ). Other devices may be introduced as peers (e.g., block106 ofFIG. 1 ) that may interact directly using supplied credentials. - Note that credentials may be used to assign other roles (e.g., something other than “zone controller” or “client” as shown in
FIG. 1 ) meaningful in the context of an IoT application/function. For example, devices may cooperate in the context of a publish-subscribe interaction where some devices may be given a publisher role while other devices may be assigned a subscriber role, and still other devices provided a broker role (e.g., using the “pac” designation if the Fluffy protocol is used). All roles may be issued under a credential that specifies a topic of interaction (e.g., using “crlm” or “crealm” realm entry if the Fluffy protocol is used) such that off-topic interactions may require a different credential, allowing the devices to function in different roles for the other topic. - In embodiments, a network topology can be flexibly partitioned to allow intra-zone interactions to receive minimal intermediation to apply security, privacy and safety constraints. Stated another way, a flexible re-intermediation of key management between various domains and zones may occur. Understand that a domain is a logical collection of devices under a common administrative control. In turn, a zone is a logical construct within a given domain to enable scaling of key management within the domain to logically combine a smaller collection of devices to work within a common boundary, referred to as a zone.
- Understand that in different embodiments, various security policies may be identified on a zone or domain basis. In one example case, free interaction may occur within a zone, while some type of security policy may be enforced on communications between zones. Still further, greater security policies may be enforced for communications between different domains.
- In any case, embodiments provide flexible and dynamic scaling of security in IoT networks, while enabling peer-to-peer communication between devices within one or more zones within a domain, as well as between devices present in one or more different zones of different domains.
- Referring now to
FIG. 2 , shown is a block diagram of a portion of an IoT network in accordance with an embodiment. As shown, multiple devices are present in 2 different domains, namely domain A that includes a domain controller A, which may be a simple key distribution center (SKDC), underneath which a zone controller A is provided (which also may be a SKDC), which in turn interacts with a client IoT device of the same domain and zone. Similar devices are present in a second domain B. For example, with the Fluffy protocol the SKDC) is the entity which mediates the establishment of the pair-wise shared key between the client and service principal. Specifically, domain B includes a domain controller B, which may be a SKDC, underneath which a zone controller B is provided (which also may be a SKDC), which in turn interacts with a client IoT device of the same domain and zone. - As seen in
FIG. 2 , various interactions can occur inprocess 200 within and between zones and domains. For example, to enable direct peer-to-peer communication between client device A of the first zone and first domain and a client device B (SP B) of the second domain and the second zone, a request (block201) can be initiated from client A to its zone controller and domain controller (blocks 202,203) to in turn receive a ticket and a receipt (blocks - A reply may be formed, such as “PSK-REP” including a miniticket contains the following (see
FIG. 3 ): Issuing SKDC's realm (skdcrealm)(this the name of the realm, domain or zone of the SKDC that issued this miniticket)(304); Issuing SKDC's identity (skdcname)(this is the identity of the SKDC that issued this miniticket); Service principal's realm (sprealm)(this the name of the realm, domain or zone of the service principal for whom this miniticket is destined)(306); Service Principal's identity (spname)(this is the identity of the service principal for whom this miniticket is destined)(305); Encrypted miniticket part (enc-part)(this is the encrypted part of the miniticket intended for the service principal. It is encrypted using the secret key shared pair-wise between the SKDC and the service principal)(307). The encrypted part contains the following (see Fluffy protocol for more details): Client's realm (crealm)(this the name of the realm, domain or zone of the client with whom the receiver of this miniticket shares the enclosed key)(308); Client's identity (cname)(this is the identity of the client with whom the receiver of this miniticket shares the enclosed key)(309); Client permissions (cpac)(this is the permissions and access control (PAC) structure containing permissions granted to the client associated with the enclosed key, and through which inter-domain security policies may be enforced)(310); Time of authentication (authtime)(this is the time at the SKDC when it created this miniticket in response to a request); Expiration time of key (endtime)(this is the expiration time of the key in this miniticket)(311); Service principal permissions (sppac): (this is the permissions and access control (PAC) structure granted to the service principal associated with the enclosed key, through which inter-domain security policies may be enforced)(312); Transited realms (transited)(this is the set of SKDCs and realms that was involved in the issuance of the miniticket for the service principal. This field is used for cross-realm ticket issuance and may include, for example, Zone Controller B and Domain Controller B)(313); Key data (keydata)(this fields contains the key-data structure that carries the cryptographic key and other parameters necessary for operating the key)(314). This area may include a symmetric key, a public and private key pair, a public key, and/or combinations thereof. Receipt 303 may also be returned atblocks fields ticket 302. As provided in the Fluffy protocol, the miniticket is created by the SKDC (e.g., Zone Controller B) and is intended for the service principal (SP B) (although it is delivered via Client A, which initiates the process with the PSK-REQ message). The SKDC responds to the client by sending a PSK-Response (PSK-REP) message containing the miniticket and a receipt. The miniticket contains a copy of the encryption key to be delivered to the service principal by the client in a PSK-Establish (PSK-ESTB) message. As such, the sensitive parts (enc-part) of the miniticket are encrypted using the service principal's secret key (which it shares pair-wise with the SKDC). The receipt is created by the SKDC (e.g., Zone Controller B) and is used for the SKDC to deliver a key to a requesting party (be it client, service principal or multicast group members).FIG. 4 includes an analogous container but provides an asymmetric pair to Client A. Specifically,reply 401 is analogous to reply301. Reply401 includesfields fields 304′,305′,306′,314′,311′,310′,315′ (whichfield 415 including a key pair instead of a symmetric key). In such a case, SP B may inquire with Zone Controller B for a public key corresponding to the asymmetric pair (or a miniticket may be used as described in the Fluffy protocol).- Note that both client devices may include logic to enforce policy associated with the given devices as identified in the common key management structure that provides appropriate keys for controlling the communications. As such, the enforcement point for applying security policy is in the endpoint devices themselves, reducing complexity and network interaction. In some embodiments, a key provided in such structure can be used to bind a security policy and to create a secure channel between the devices which may be used for further communications. For example,
security monitoring 210 and ACL enforcement andprivacy filtering 211 may be tied to keys (see ticket of block209) viacpac 310′,310 andsppac 312. - Note that in some embodiments, the common key management structure can be used as a generic ticket format that can be used for data exchanges. In this way, the complexity of setting up an independent TLS session between devices to send the data can be avoided. As an example, data can be securely containerized within this common key management structure (see
FIGS. 3 and 4 ) and header information within the key management structure can be used to appropriately route packets of a given data communication. Note that a secure data channel can be established between devices responsive to the request for inter-domain (and inter-zone) interaction between the two IoT devices. Inter-zone and inter-domain interactions may require additional vetting when IoT devices cross zonal and domain boundaries. As such, inter-zonal and/or inter-domain interactions may receive added scrutiny as part of key issuance (see, e.g.,elements 210,211). - Embodiments may include a scenario where a Client B initiates a connection to Client A where a session is established without first obtaining a domain (zone) ticket and receipt. Security enforcement logic may require dynamically obtaining said ticket and receipt but may omit issuance of a session key by a SKDC, instead allowing use of the ephemeral session key as the ticket prescribes. A security benefit of this approach is the SKDC need not be hardened for key storage as a trusted third party. A second benefit is that the session key may be managed more precisely having a ticket context and validity that supersedes a caching policy of an ephemeral session key. The ticket may further prescribe a method for transforming the ephemeral session key into a long-term key using a key derivation function that accepts as input the ephemeral key and attributes of the ticket.
- For example, a first domain may need to establish a secure channel with a second domain with who it does not share a pre-existing trust relationship (e.g., there is no presumption of a common PKI or common Kerberos server). Hence, the domains will need to perform an ad-hoc key agreement using Diffie-Hellman or PAKE (password authenticated key exchange). In either case, there is a presumption of shared context in which to base trust. It is either context for pre-shared passwords or a context for ensuring there is no man-in-the-middle attacker (e.g., both endpoints have implemented a TEE that can attest its environment to the other).
- Embodiments may include receiving a receipt or ticket containing a public asymmetric key (e.g.,
FIG. 4 ) identifying a Client B that may be used to validate a signature created by Client B in connection with a session establishment to Client A. The receipt or ticket may contain similar attributes as described in other embodiments of a ticket or receipt so that a security processor may consistently apply a security policy according to a well-defined domain or zone context. - If the request for a credential is approved, any zonal and domain considerations can be captured as policies that are applied at the point of interaction between endpoints. For example, Client-A device and SP-B device may engage in inter-domain interactions, while applying appropriate policies. Such policies may include, as representative examples, applying data filtering, device monitoring, bandwidth reservations, and the like to ensure privacy, security and safety objectives for the respective organizations and context are appropriately applied.
- Embodiments may use a common key management context structure that accommodates both symmetric and asymmetric key types. Referring now to
FIG. 3 , shown is a common keymanagement context structure 300 in accordance with an embodiment. As shown inFIG. 3 , a request message captures the network topology context including the zone or domain authority, specific devices having domain/zone authority and constraints of key usage based on the role, topic or informational context. - Also, as noted above regarding
FIG. 3 , the structure (which may be provided by a given key management entity to a client device responsive to a request (e.g., for interaction with another device in an IoT network)) may be for a symmetric key. However, other embodiments provide for issuance of both symmetric and asymmetric keys under the common context. This allows the same credential to be flexibly applied when application, network and transport circumstances call for one or the other cryptographic method. - Also, as noted above regarding
FIG. 4 , keymanagement context structure 400 may be used in connection with an asymmetric key. Note that the structure further facilitates provisioning of credentials that may be used to authenticate, encrypt and integrity protect the device or data as appropriate for the intended use, whether symmetric or asymmetric cryptography is supported natively. - Thus, as described above, embodiments provide many advantages described non-exhaustively as follows. In embodiments, a key management system is self-configuring as the IoT network increases in numbers of devices. For example, an initial key management device may dynamically assign key management roles to other devices (e.g., D1 assigning Zone Controller role to D3 at t3). This may occur as a first device, such as D1, becomes overwhelmed and needs to shed some management responsibilities. And this initial device (e.g., D1) or another device (e.g., D3) can dynamically assign key management roles for delegating key management tasks (e.g., to one or more additional domain and/or zone controllers such that, for example, D3 could have determined D4 was a zone controller for a topic instead of a mere client). In this way, the key management system may further dynamically assign publish-subscribe, group formation, and other interaction patters of IoT networks.
- In addition, using a common key management context structure as described herein, both symmetric and asymmetric keys can be used in equivalent circumstances for authentication and protection of devices and/or data.
- Embodiments may further use a key management system to define a network topology of inter-zonal and inter-domain interaction points where security, safety and privacy considerations may be controlled at the request to cross such boundaries (but before the connection that enables such boundary crossings is established). Thus, a request by Client A to communicate with SP B indicates (based on headers such as “sprealm”) that a cross-domain communication is desired so any key to facilitate such communication may be based (e.g., sppac and cpac) on the need for policies to be complied with before other communications occur.
- In addition, the key management system may be configured to automatically revoke or rescind roles, privileges and access based on an expiration value (e.g., element311) and contextual change (e.g., change to
crealm 308 or sprealm306). - In some embodiments the techniques described herein may be implemented within a trusted execution environment (TEE) such as Intel® SGX, Intel® MemCore, Intel® CSE, Intel® VT-X, Intel® IOT-OS with Smack, or ARM TrustZone, etc. to perform security operations as described herein.
- Referring now to
FIG. 5 , shown is a block diagram of an example system with which embodiments can be used. As seen,system 900 may be a smartphone or other wireless communicator or any other IoT device. Abaseband processor 905 is configured to perform various signal processing with regard to communication signals to be transmitted from or received by the system. In turn,baseband processor 905 is coupled to anapplication processor 910, which may be a main CPU of the system to execute an OS and other system software, in addition to user applications such as many well-known social media and multimedia apps.Application processor 910 may further be configured to perform a variety of other computing operations for the device. - In turn,
application processor 910 can couple to a user interface/display 920, e.g., a touch screen display. In addition,application processor 910 may couple to a memory system including a non-volatile memory, namely aflash memory 930 and a system memory, namely aDRAM 935. In some embodiments,flash memory 930 may include asecure portion 932 in which secrets and other sensitive information may be stored. As further seen,application processor 910 also couples to a capture device945 such as one or more image capture devices that can record video and/or still images. - Still referring to
FIG. 5 , a universal integrated circuit card (UICC)940 comprises a subscriber identity module, which in some embodiments includes asecure storage 942 to store secure user information.System 900 may further include asecurity processor 950 that may couple toapplication processor 910. A plurality ofsensors 925, including one or more multi-axis accelerometers may couple toapplication processor 910 to enable input of a variety of sensed information such as motion and other environmental information. In addition, one ormore authentication devices 995 may be used to receive, e.g., user biometric input for use in authentication operations. - As further illustrated, a near field communication (NFC)
contactless interface 960 is provided that communicates in a NFC near field via anNFC antenna 965. While separate antennae are shown inFIG. 5 , understand that in some implementations one antenna or a different set of antennae may be provided to enable various wireless functionalities. - A power management integrated circuit (PMIC)915 couples to
application processor 910 to perform platform level power management. To this end,PMIC 915 may issue power management requests toapplication processor 910 to enter certain low power states as desired. Furthermore, based on platform constraints,PMIC 915 may also control the power level of other components ofsystem 900. - To enable communications to be transmitted and received such as in one or more IoT networks, various circuitries may be coupled between
baseband processor 905 and anantenna 990. Specifically, a radio frequency (RF)transceiver 970 and a wireless local area network (WLAN)transceiver 975 may be present. In general,RF transceiver 970 may be used to receive and transmit wireless data and calls according to a given wireless communication protocol such as 3G or 4G wireless communication protocol such as in accordance with a code division multiple access (CDMA), global system for mobile communication (GSM), long term evolution (LTE) or other protocol. In addition aGPS sensor 980 may be present, with location information being provided tosecurity processor 950 for use as described herein when context information is to be used in a pairing process. Other wireless communications such as receipt or transmission of radio signals, e.g., AM/FM and other signals may also be provided. In addition, viaWLAN transceiver 975, local wireless communications, such as according to a Bluetooth™ or IEEE 802.11 standard can also be realized. - Referring now to
FIG. 6 , shown is a block diagram of a system in accordance with another embodiment of the present invention. As shown inFIG. 6 ,multiprocessor system 1000 is a point-to-point interconnect system such as a server system, and includes afirst processor 1070 and asecond processor 1080 coupled via a point-to-point interconnect 1050. As shown inFIG. 6 , each ofprocessors processor cores processor cores processors - Still referring to
FIG. 6 ,first processor 1070 further includes a memory controller hub (MCH)1072 and point-to-point (P-P) interfaces1076 and1078. Similarly,second processor 1080 includes aMCH 1082 andP-P interfaces FIG. 6 , MCH's1072 and1082 couple the processors to respective memories, namely amemory 1032 and a memory1034, which may be portions of main memory (e.g., a DRAM) locally attached to the respective processors.First processor 1070 andsecond processor 1080 may be coupled to achipset 1090 via P-P interconnects1052 and1054, respectively. As shown inFIG. 6 ,chipset 1090 includesP-P interfaces - Furthermore,
chipset 1090 includes aninterface 1092 tocouple chipset 1090 with a highperformance graphics engine 1038, by aP-P interconnect 1039. In turn,chipset 1090 may be coupled to a first bus1016 via aninterface 1096. As shown inFIG. 6 , various input/output (I/O)devices 1014 may be coupled to first bus1016, along with a bus bridge1018 which couples first bus1016 to asecond bus 1020. Various devices may be coupled tosecond bus 1020 including, for example, a keyboard/mouse1022,communication devices 1026 and adata storage unit 1028 such as a non-volatile storage or other mass storage device. As seen,data storage unit 1028 may includecode 1030, in one embodiment. As further seen,data storage unit 1028 also includes a trustedstorage 1029 to store sensitive information to be protected. Further, an audio I/O 1024 may be coupled tosecond bus 1020. - Embodiments may be used in environments where IoT devices may include wearable devices or other small form factor IoT devices. Referring now to
FIG. 7 , shown is a block diagram of awearable module 1300 in accordance with another embodiment. In one particular implementation,module 1300 may be an Intel® Curie™ module that includes multiple components adapted within a single small module that can be implemented as all or part of a wearable device. As seen,module 1300 includes a core1310 (of course in other embodiments more than one core may be present). Such core may be a relatively low complexity in-order core, such as based on an Intel Architecture® Quark™ design. In some embodiments,core 1310 may implement a TEE as described herein.Core 1310 couples to various components including asensor hub 1320, which may be configured to interact with a plurality ofsensors 1380, such as one or more biometric, motion environmental or other sensors. Apower delivery circuit 1330 is present, along with anon-volatile storage 1340. In an embodiment, this circuit may include a rechargeable battery and a recharging circuit, which may in one embodiment receive charging power wirelessly. One or more input/output (IO) interfaces1350, such as one or more interfaces compatible with one or more of USB/SPI/I2C/GPIO protocols, may be present. In addition, awireless transceiver 1390, which may be a Bluetooth™ low energy or other short-range wireless transceiver is present to enable wireless communications as described herein. Understand that in different implementations a wearable module can take many other forms. Wearable and/or IoT devices have, in comparison with a typical general purpose CPU or a GPU, a small form factor, low power requirements, limited instruction sets, relatively slow computation throughput, or any of the above. - Embodiments may be used in many different types of systems. For example, in one embodiment a communication device can be arranged to perform the various methods and techniques described herein. Of course, the scope of the present invention is not limited to a communication device, and instead other embodiments can be directed to other types of apparatus for processing instructions, or one or more machine readable media including instructions that in response to being executed on a computing device, cause the device to carry out one or more of the methods and techniques described herein.
- Embodiments may be implemented in code and may be stored on a non-transitory storage medium having stored thereon instructions which can be used to program a system to perform the instructions. Embodiments also may be implemented in data and may be stored on a non-transitory storage medium, which if used by at least one machine, causes the at least one machine to fabricate at least one integrated circuit to perform one or more operations. The storage medium may include, but is not limited to, any type of disk including floppy disks, optical disks, solid state drives (SSDs), compact disk read-only memories (CD-ROMs), compact disk rewritables (CD-RWs), and magneto-optical disks, semiconductor devices such as read-only memories (ROMs), random access memories (RAMs) such as dynamic random access memories (DRAMs), static random access memories (SRAMs), erasable programmable read-only memories (EPROMs), flash memories, electrically erasable programmable read-only memories (EEPROMs), magnetic or optical cards, or any other type of media suitable for storing electronic instructions.
- The following examples pertain to further embodiments.
- Example 1 includes at least one computer readable storage medium comprising instructions that when executed enable a system to: receive, in a first device, at least one of a first symmetric key and a first asymmetric key in a common key management structure, the common key management structure to accommodate asymmetric keys and symmetric keys, and further including security policy information to enable communication between the first device of a first domain of an Internet of Things (IoT) network and a second device of a second domain of the IoT network according to an inter-domain security policy; and send a first message directly from the first device to the second device according to the security policy information of the common key management structure.
- In example 2 the subject matter of the Example 1 can optionally include instructions that when executed enable the system to dynamically scale the IoT network by dynamically instantiating at least one zone controller for a first zone of the IoT network, the first zone including the first device.
- In example 3 the subject matter of the Examples 1-2 can optionally include instructions that when executed enable the system to dynamically scale the IoT network by dynamically instantiating at least one domain controller for the first domain, which includes the first device.
- In example 4 the subject matter of the Examples 1-3 can optionally include wherein the at least one domain controller comprises a key management system.
- In example 5 the subject matter of the Examples 1-4 can optionally include further comprising instructions that when executed enable the system to dynamically instantiate the first device as at least one of a domain controller for the first domain, a zone controller for a first zone of the first domain, and a client of the first domain.
- In example 6 the subject matter of the Examples 1-5 can optionally include further comprising instructions that when executed enable the first device to dynamically instantiate a third device as at least one of a zone controller of the first domain and a client of the first domain.
- In example 7 the subject matter of the Examples 1-6 can optionally include further comprising instructions that when executed enable the system to, in response to the first device receiving at an additional instance of the common key management structure, dynamically instantiate the first device as at least one of a domain controller for the first domain, a zone controller for a first zone of the first domain, and a client of the first domain.
- In example 8 the subject matter of the Examples 1-7 can optionally include instructions that when executed enable the system to: for a first publication-subscription topic, dynamically instantiate the first device as at least one of a domain controller for the first domain, a zone controller for a first zone of the first domain, and a client of the first domain; and for a second publication-subscription topic, dynamically instantiate the first device as at least one of a domain controller for at least one of the first domain and an additional domain, a zone controller for at least one of the first zone and an additional zone of the additional domain, and a client for at least one of the first domain and the additional domain.
- In example 9 the subject matter of the Examples 1-8 can optionally include instructions that when executed enable the system to: receive a second message in the first device directly from the second device; and enforce, in the first device, the inter-domain security policy with regard to the second message.
- In example 10 the subject matter of the Examples 1-9 can optionally include instructions that when executed enable the system to: receive a third message in the first device directly from a third device; and enforce, in the first device, an intra-domain security policy with regard to the third message; wherein (a) the intra-domain and inter-domain policies are not equal to each other; and (b) the first and third devices, but not the second device, are included in a first domain.
- In example 11 the subject matter of the Examples 1-10 can optionally include wherein the inter-domain policy corresponds to at least one of data filtering, malware screening, and bandwidth reservations.
- In example 12 the subject matter of the Examples 1-11 can optionally include instructions that when executed enable the system to receive the common key management structure from a first zone controller, the first zone controller dynamically assigned a key management role from an initial key management system of the IoT network.
- In example 13 the subject matter of the Examples 1-12 can optionally include wherein the first zone controller and the first device are both included in the first domain, which does not include the second device.
- In example 14 the subject matter of the Examples 1-13 can optionally include instructions that when executed enable the system to: encrypt, in the first device, the first message using the first symmetric key; and send, directly from the first device to the second device, an additional instance of the first symmetric key; wherein (a) the additional instance of the first symmetric key is encrypted based on keys shared between the second device and a third device but not the first device; and (b) the second and third devices are each included in the second domain, which does not include the first device.
- In example 15 the subject matter of the Examples 1-14 can optionally include wherein (a) the first domain is a logical collection of devices, including the first device, under a common administrative control administered by at least one of the collection of devices, and (b) a zone is a logical subset of the devices under a common administrative control administered by at least one of the subset of the devices.
- In example 16 the subject matter of the Examples 1-15 can optionally include instructions that when executed enable the system to receive the common key management structure from a key management system responsive to a request from the first device to interact with the second device.
- In example 17 the subject matter of the Example 1-16 can optionally include instructions that when executed enable the system to cause the common key management structure to expire according to expiration information of the common key management structure, and thereafter prevent interaction between the first device and the second device.
- In example 18 the subject matter of the Examples 1-17 can optionally include instructions that when executed enable the system to: receive, in the first device, the first symmetric key in the common key management structure included in a first communication; and receive, in the first device, the first asymmetric key in the common key management structure included in a second communication.
- In example 19 the subject matter of the Examples 1-18 can optionally include wherein the first symmetric key corresponds to a first encryption protocol and the first asymmetric key corresponds to a second encryption protocol unequal to the first encryption protocol.
- In example 20 the subject matter of the Examples 1-19 can optionally include instructions that when executed enable the system to receive, in the first device, the first symmetric key and the first asymmetric key in the common key management structure.
- In example 21 the subject matter of the Examples 1-20 can optionally include instructions that when executed enable the system to: receive, in the first device, the first asymmetric key in the common key management structure; and encrypt, in the first device, the first message using the first asymmetric key.
- In example 22 the subject matter of the Examples 1-21 can optionally include instructions that when executed enable the system to send the first message in a data portion of a second common key management structure.
- Example 23 includes a first device comprising: at least one hardware processor to execute instructions; at least one network interface to enable the at least one hardware processor to communicate with second and third computing nodes coupled in an Internet of Things (IoT); at least one non-transitory storage medium having instructions stored thereon for causing the at least one hardware processor of the first device to: receive at least one of a first symmetric key and a first asymmetric key in a common key management structure, the common key management structure to accommodate asymmetric keys and symmetric keys, wherein the common key management structure includes security policy information to enable communication between the first device of a first domain of an Internet of Things (IoT) network and a second device of a second domain of the IoT network according to an inter-domain security policy; and send a first message directly to the second device according to the security policy information of the common key management structure.
- In example 24 the subject matter of the Example 23 can optionally include The first device of claim23, the at least one medium further comprising instructions that when executed enable the first device to dynamically instantiate at least one zone controller for a first zone of the IoT network, the first zone including the first device.
- While the present invention has been described with respect to a limited number of embodiments, those skilled in the art will appreciate numerous modifications and variations therefrom. It is intended that the appended claims cover all such modifications and variations as fall within the true spirit and scope of this present invention.
Claims (24)
1. At least one computer readable storage medium comprising instructions that when executed enable a system to:
receive, in a first device, at least one of a first symmetric key and a first asymmetric key in a common key management structure, the common key management structure to accommodate asymmetric keys and symmetric keys, and further including security policy information to enable communication between the first device of a first domain of an Internet of Things (IoT) network and a second device of a second domain of the IoT network according to an inter-domain security policy; and
send a first message directly from the first device to the second device according to the security policy information of the common key management structure.
2. The at least one computer readable storage medium ofclaim 1 , further comprising instructions that when executed enable the system to dynamically scale the IoT network by dynamically instantiating at least one zone controller for a first zone of the IoT network, the first zone including the first device.
3. The at least one computer readable storage medium ofclaim 1 , further comprising instructions that when executed enable the system to dynamically scale the IoT network by dynamically instantiating at least one domain controller for the first domain, which includes the first device.
4. The at least one computer readable storage medium ofclaim 3 , wherein the at least one domain controller comprises a key management system.
5. The at least one computer readable storage medium ofclaim 1 , further comprising instructions that when executed enable the system to dynamically instantiate the first device as at least one of a domain controller for the first domain, a zone controller for a first zone of the first domain, and a client of the first domain.
6. The at least one computer readable storage medium ofclaim 1 , further comprising instructions that when executed enable the first device to dynamically instantiate a third device as at least one of a zone controller of the first domain and a client of the first domain.
7. The at least one computer readable storage medium ofclaim 1 , further comprising instructions that when executed enable the system to, in response to the first device receiving at an additional instance of the common key management structure, dynamically instantiate the first device as at least one of a domain controller for the first domain, a zone controller for a first zone of the first domain, and a client of the first domain.
8. The at least one computer readable storage medium ofclaim 1 , further comprising instructions that when executed enable the system to:
for a first publication-subscription topic, dynamically instantiate the first device as at least one of a domain controller for the first domain, a zone controller for a first zone of the first domain, and a client of the first domain; and
for a second publication-subscription topic, dynamically instantiate the first device as at least one of a domain controller for at least one of the first domain and an additional domain, a zone controller for at least one of the first zone and an additional zone of the additional domain, and a client for at least one of the first domain and the additional domain.
9. The at least one computer readable storage medium ofclaim 1 , further comprising instructions that when executed enable the system to:
receive a second message in the first device directly from the second device; and
enforce, in the first device, the inter-domain security policy with regard to the second message.
10. The at least one computer readable storage medium ofclaim 9 , further comprising instructions that when executed enable the system to:
receive a third message in the first device directly from a third device; and
enforce, in the first device, an intra-domain security policy with regard to the third message;
wherein (a) the intra-domain and inter-domain policies are not equal to each other; and (b) the first and third devices, but not the second device, are included in a first domain.
11. The at least one computer readable storage medium ofclaim 10 , wherein the inter-domain policy corresponds to at least one of data filtering, malware screening, and bandwidth reservations.
12. The at least one computer readable storage medium ofclaim 1 , further comprising instructions that when executed enable the system to receive the common key management structure from a first zone controller, the first zone controller dynamically assigned a key management role from an initial key management system of the IoT network.
13. The at least one computer readable storage medium ofclaim 12 , wherein the first zone controller and the first device are both included in the first domain, which does not include the second device.
14. The at least one computer readable storage medium ofclaim 1 , further comprising instructions that when executed enable the system to:
encrypt, in the first device, the first message using the first symmetric key; and
send, directly from the first device to the second device, an additional instance of the first symmetric key;
wherein (a) the additional instance of the first symmetric key is encrypted based on keys shared between the second device and a third device but not the first device; and (b) the second and third devices are each included in the second domain, which does not include the first device.
15. The at least one computer readable storage medium ofclaim 14 , wherein (a) the first domain is a logical collection of devices, including the first device, under a common administrative control administered by at least one of the collection of devices, and (b) a zone is a logical subset of the devices under a common administrative control administered by at least one of the subset of the devices.
16. The at least one computer readable storage medium ofclaim 1 , further comprising instructions that when executed enable the system to receive the common key management structure from a key management system responsive to a request from the first device to interact with the second device.
17. The at least one computer readable storage medium ofclaim 1 , further comprising instructions that when executed enable the system to cause the common key management structure to expire according to expiration information of the common key management structure, and thereafter prevent interaction between the first device and the second device.
18. The at least one computer readable storage medium ofclaim 1 , further comprising instructions that when executed enable the system to:
receive, in the first device, the first symmetric key in the common key management structure included in a first communication; and
receive, in the first device, the first asymmetric key in the common key management structure included in a second communication.
19. The at least one computer readable storage medium ofclaim 18 , wherein the first symmetric key corresponds to a first encryption protocol and the first asymmetric key corresponds to a second encryption protocol unequal to the first encryption protocol.
20. The at least one computer readable storage medium ofclaim 1 , further comprising instructions that when executed enable the system to receive, in the first device, the first symmetric key and the first asymmetric key in the common key management structure.
21. The at least one computer readable storage medium ofclaim 1 , further comprising instructions that when executed enable the system to:
receive, in the first device, the first asymmetric key in the common key management structure; and.
encrypt, in the first device, the first message using the first asymmetric key.
22. The at least one computer readable storage medium ofclaim 1 , further comprising instructions that when executed enable the system to send the first message in a data portion of a second common key management structure.
23. A first device comprising:
at least one hardware processor to execute instructions;
at least one network interface to enable the at least one hardware processor to communicate with second and third computing nodes coupled in an Internet of Things (IoT);
at least one non-transitory storage medium having instructions stored thereon for causing the at least one hardware processor of the first device to:
receive at least one of a first symmetric key and a first asymmetric key in a common key management structure, the common key management structure to accommodate asymmetric keys and symmetric keys, wherein the common key management structure includes security policy information to enable communication between the first device of a first domain of an Internet of Things (IoT) network and a second device of a second domain of the IoT network according to an inter-domain security policy; and
send a first message directly to the second device according to the security policy information of the common key management structure.
24. The first device ofclaim 23 , the at least one medium further comprising instructions that when executed enable the first device to dynamically instantiate at least one zone controller for a first zone of the IoT network, the first zone including the first device.
Priority Applications (4)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US14/968,125US10469464B2 (en) | 2015-06-09 | 2015-12-14 | Self-configuring key management system for an internet of things network |
| CN201680026946.2ACN107637011B (en) | 2015-06-09 | 2016-06-01 | Self-configuration key management system for internet of things network |
| PCT/US2016/035282WO2016200659A1 (en) | 2015-06-09 | 2016-06-01 | A self-configuring key management system for an internet of things network |
| EP16808051.3AEP3308497B1 (en) | 2015-06-09 | 2016-06-01 | A self-configuring key management system for an internet of things network |
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US201562172893P | 2015-06-09 | 2015-06-09 | |
| US201562195409P | 2015-07-22 | 2015-07-22 | |
| US14/968,125US10469464B2 (en) | 2015-06-09 | 2015-12-14 | Self-configuring key management system for an internet of things network |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| US20160366102A1true US20160366102A1 (en) | 2016-12-15 |
| US10469464B2 US10469464B2 (en) | 2019-11-05 |
Family
ID=57504316
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US14/968,125Active2037-11-28US10469464B2 (en) | 2015-06-09 | 2015-12-14 | Self-configuring key management system for an internet of things network |
Country Status (4)
| Country | Link |
|---|---|
| US (1) | US10469464B2 (en) |
| EP (1) | EP3308497B1 (en) |
| CN (1) | CN107637011B (en) |
| WO (1) | WO2016200659A1 (en) |
Cited By (34)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20170026185A1 (en)* | 2015-07-21 | 2017-01-26 | Entrust, Inc. | Method and apparatus for providing secure communication among constrained devices |
| WO2019067002A1 (en)* | 2017-09-26 | 2019-04-04 | Olympus Sky Technologies, S.A. | Secure communications using organically derived synchronized processes |
| US10412581B2 (en)* | 2017-02-14 | 2019-09-10 | Ford Global Technologies, Llc | Secure session communication between a mobile device and a base station |
| US10516654B2 (en)* | 2016-03-15 | 2019-12-24 | Intel Corporation | System, apparatus and method for key provisioning delegation |
| US10528725B2 (en) | 2016-11-04 | 2020-01-07 | Microsoft Technology Licensing, Llc | IoT security service |
| US10574636B2 (en) | 2015-10-14 | 2020-02-25 | Mcafee, Llc | System, apparatus and method for migrating a device having a platform group |
| US10579825B2 (en)* | 2017-03-17 | 2020-03-03 | Labyrinth Research Llc | Unified control of privacy-impacting devices |
| US10687212B2 (en) | 2017-04-07 | 2020-06-16 | At&T Mobility Ii Llc | Mobile network core component for managing security keys |
| US20200213101A1 (en)* | 2018-02-12 | 2020-07-02 | Afero, Inc. | System and method for securely configuring a new device with network credentials |
| US20200328885A1 (en)* | 2019-04-15 | 2020-10-15 | Smart Security Systems, Llc | Enhanced monitoring and protection of enterprise data |
| US10936713B2 (en)* | 2015-12-17 | 2021-03-02 | The Charles Stark Draper Laboratory, Inc. | Techniques for metadata processing |
| US10972456B2 (en) | 2016-11-04 | 2021-04-06 | Microsoft Technology Licensing, Llc | IoT device authentication |
| US11025627B2 (en)* | 2017-07-10 | 2021-06-01 | Intel Corporation | Scalable and secure resource isolation and sharing for IoT networks |
| US20210184845A1 (en)* | 2019-12-16 | 2021-06-17 | Bull Sas | Secure, decentralized, automated platform and multi-actors for object identity management through the use of a block chain technology |
| US20210204128A1 (en)* | 2018-05-28 | 2021-07-01 | Carrier Corporation | End user inclusion and access of devices |
| US11146643B2 (en)* | 2017-03-23 | 2021-10-12 | Ntt Communications Corporation | Message bus agent apparatus, signaling server, message bus management server, connection establishment method, and program |
| US11150910B2 (en) | 2018-02-02 | 2021-10-19 | The Charles Stark Draper Laboratory, Inc. | Systems and methods for policy execution processing |
| US11182162B2 (en) | 2015-12-17 | 2021-11-23 | The Charles Stark Draper Laboratory, Inc. | Techniques for metadata processing |
| US20220200973A1 (en)* | 2019-04-15 | 2022-06-23 | Bear System, LLC | Blockchain schema for secure data transmission |
| US20220261469A1 (en)* | 2019-03-08 | 2022-08-18 | Master Lock Company Llc | Locking device biometric access |
| US11588629B2 (en)* | 2019-12-16 | 2023-02-21 | Bull Sas | Secure, decentralized, automated platform and multi-actors for object identity management through the use of a block chain technology |
| WO2023116032A1 (en)* | 2021-12-21 | 2023-06-29 | 中兴通讯股份有限公司 | Networking method and device based on short-distance communication, and storage medium |
| US11748457B2 (en) | 2018-02-02 | 2023-09-05 | Dover Microsystems, Inc. | Systems and methods for policy linking and/or loading for secure initialization |
| US11797398B2 (en) | 2018-04-30 | 2023-10-24 | Dover Microsystems, Inc. | Systems and methods for checking safety properties |
| US11841956B2 (en) | 2018-12-18 | 2023-12-12 | Dover Microsystems, Inc. | Systems and methods for data lifecycle protection |
| US11875180B2 (en) | 2018-11-06 | 2024-01-16 | Dover Microsystems, Inc. | Systems and methods for stalling host processor |
| US11928201B2 (en)* | 2016-12-22 | 2024-03-12 | Hid Global Cid Sas | Mobile credential with online/offline delivery |
| US12079197B2 (en) | 2019-10-18 | 2024-09-03 | Dover Microsystems, Inc. | Systems and methods for updating metadata |
| US12124576B2 (en) | 2020-12-23 | 2024-10-22 | Dover Microsystems, Inc. | Systems and methods for policy violation processing |
| US12124566B2 (en) | 2018-11-12 | 2024-10-22 | Dover Microsystems, Inc. | Systems and methods for metadata encoding |
| US12248564B2 (en) | 2018-02-02 | 2025-03-11 | Dover Microsystems, Inc. | Systems and methods for transforming instructions for metadata processing |
| US12253944B2 (en) | 2020-03-03 | 2025-03-18 | Dover Microsystems, Inc. | Systems and methods for caching metadata |
| US12393677B2 (en) | 2019-01-18 | 2025-08-19 | Dover Microsystems, Inc. | Systems and methods for metadata classification |
| US12438883B2 (en)* | 2023-05-17 | 2025-10-07 | Microsoft Technology Licensing, Llc | Region-based security policies for cloud resources |
Families Citing this family (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106936570B (en)* | 2015-12-31 | 2021-08-20 | 华为技术有限公司 | A key configuration method, key management center, and network element |
| CN110392014B (en)* | 2018-04-17 | 2022-08-05 | 阿里巴巴集团控股有限公司 | Communication method and device between IoT devices |
| US11108749B2 (en)* | 2019-03-25 | 2021-08-31 | Micron Technology, Inc. | Secure device coupling |
| US11405414B2 (en) | 2019-08-06 | 2022-08-02 | Bank Of America Corporation | Automated threat assessment system for authorizing resource transfers between distributed IoT components |
| US11341485B2 (en) | 2019-08-06 | 2022-05-24 | Bank Of America Corporation | Machine learning based system for authorization of autonomous resource transfers between distributed IOT components |
| US10921787B1 (en) | 2019-08-06 | 2021-02-16 | Bank Of America Corporation | Centralized resource transfer engine for facilitating resource transfers between distributed internet-of-things (IoT) components |
| CN110519054A (en)* | 2019-08-29 | 2019-11-29 | 四川普思科创信息技术有限公司 | A method of internet of things data safeguard protection is carried out based on reliable computing technology |
| CN113596013B (en)* | 2021-07-26 | 2024-02-09 | 深圳Tcl新技术有限公司 | Method and device for setting device control authority, computer device and storage medium |
Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070192325A1 (en)* | 2006-02-01 | 2007-08-16 | Morris Robert P | HTTP publish/subscribe communication protocol |
| US20080126794A1 (en)* | 2006-11-28 | 2008-05-29 | Jianxin Wang | Transparent proxy of encrypted sessions |
| US20080304669A1 (en)* | 2007-06-11 | 2008-12-11 | The Boeing Company | Recipient-signed encryption certificates for a public key infrastructure |
| US20120011360A1 (en)* | 2010-06-14 | 2012-01-12 | Engels Daniel W | Key management systems and methods for shared secret ciphers |
| US20120291089A1 (en)* | 2011-05-13 | 2012-11-15 | Raytheon Company | Method and system for cross-domain data security |
| US20130170499A1 (en)* | 2011-04-15 | 2013-07-04 | Architecture Technology, Inc. | Border gateway broker, network and method |
| US20140241354A1 (en)* | 2013-02-25 | 2014-08-28 | Qualcomm Incorporated | Establishing groups of internet of things (iot) devices and enabling communication among the groups of iot devices |
| US20150121066A1 (en)* | 2013-09-10 | 2015-04-30 | John A. Nix | Set of Servers for "Machine-to-Machine" Communications using Public Key Infrastructure |
| US20150121470A1 (en)* | 2013-10-25 | 2015-04-30 | Qualcomm Incorporated | Peer-to-peer onboarding of internet of things (iot) devices over various communication interfaces |
| US20150130957A1 (en)* | 2013-11-14 | 2015-05-14 | Qualcomm Incorporated | Method and apparatus for identifying a physical iot device |
| US20160182459A1 (en)* | 2014-12-18 | 2016-06-23 | Afero, Inc. | System and method for securely connecting network devices |
| US20160205097A1 (en)* | 2015-01-12 | 2016-07-14 | Verisign, Inc. | Systems and methods for establishing ownership and delegation ownership of iot devices using domain name system services |
| US20160353305A1 (en)* | 2015-06-01 | 2016-12-01 | Kiban Labs, Inc. | Internet of things (iot) automotive device, system, and method |
| US9780954B2 (en)* | 2014-02-03 | 2017-10-03 | Tata Consultancy Services Ltd. | Computer implemented system and method for lightweight authentication on datagram transport for internet of things |
Family Cites Families (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7546452B2 (en)* | 2002-08-20 | 2009-06-09 | Intel Corporation | Hardware-based credential management |
| US8364951B2 (en)* | 2002-12-30 | 2013-01-29 | General Instrument Corporation | System for digital rights management using distributed provisioning and authentication |
| US20050213768A1 (en)* | 2004-03-24 | 2005-09-29 | Durham David M | Shared cryptographic key in networks with an embedded agent |
| WO2006117680A2 (en)* | 2005-02-25 | 2006-11-09 | Sap Ag | Consistent set of interfaces derived from a business object model |
| CN100488199C (en)* | 2005-08-23 | 2009-05-13 | 北京无限新锐网络科技有限公司 | Media issuing system and method |
| US20070219914A1 (en)* | 2006-03-17 | 2007-09-20 | Moore Barrett H | Document-based civilly-catastrophic event personal action guide facilitation method |
| US7817986B2 (en) | 2006-04-28 | 2010-10-19 | Motorola, Inc. | Method and system for providing cellular assisted secure communications of a plurality of ad hoc devices |
| CN101286845B (en)* | 2008-05-12 | 2011-02-09 | 华中科技大学 | A Role-Based Inter-Domain Access Control System |
| US8266433B1 (en) | 2009-04-30 | 2012-09-11 | Netapp, Inc. | Method and system for automatically migrating encryption keys between key managers in a network storage system |
| CN102055585B (en)* | 2009-11-04 | 2012-12-19 | 中兴通讯股份有限公司 | Media security lawful monitoring method and system based on key management server (KMS) |
| CN101715186B (en)* | 2009-11-20 | 2012-01-04 | 西安电子科技大学 | Secret sharing based safety communication method of wireless sensor network |
| US8881236B2 (en)* | 2011-02-04 | 2014-11-04 | Futurewei Technologies, Inc. | Method and apparatus for a control plane to manage domain-based security and mobility in an information centric network |
| CN103475624A (en)* | 2012-06-06 | 2013-12-25 | 中兴通讯股份有限公司 | Internet of Things key management center system, key distribution system and method |
| IN2015DN00015A (en) | 2012-07-27 | 2015-05-22 | Ericsson Telefon Ab L M | |
| US20140108558A1 (en)* | 2012-10-12 | 2014-04-17 | Citrix Systems, Inc. | Application Management Framework for Secure Data Sharing in an Orchestration Framework for Connected Devices |
| CN103686717B (en)* | 2013-12-23 | 2016-09-07 | 江苏物联网研究发展中心 | A kind of key management method of Internet of Things sensor-based system |
| CN103716415B (en)* | 2014-01-20 | 2017-08-22 | 北京交通大学 | A kind of resource perception adaptation method with excellent extensibility |
- 2015
- 2015-12-14USUS14/968,125patent/US10469464B2/enactiveActive
- 2016
- 2016-06-01EPEP16808051.3Apatent/EP3308497B1/enactiveActive
- 2016-06-01WOPCT/US2016/035282patent/WO2016200659A1/ennot_activeCeased
- 2016-06-01CNCN201680026946.2Apatent/CN107637011B/enactiveActive
Patent Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070192325A1 (en)* | 2006-02-01 | 2007-08-16 | Morris Robert P | HTTP publish/subscribe communication protocol |
| US20080126794A1 (en)* | 2006-11-28 | 2008-05-29 | Jianxin Wang | Transparent proxy of encrypted sessions |
| US20080304669A1 (en)* | 2007-06-11 | 2008-12-11 | The Boeing Company | Recipient-signed encryption certificates for a public key infrastructure |
| US20120011360A1 (en)* | 2010-06-14 | 2012-01-12 | Engels Daniel W | Key management systems and methods for shared secret ciphers |
| US20130170499A1 (en)* | 2011-04-15 | 2013-07-04 | Architecture Technology, Inc. | Border gateway broker, network and method |
| US20120291089A1 (en)* | 2011-05-13 | 2012-11-15 | Raytheon Company | Method and system for cross-domain data security |
| US20140241354A1 (en)* | 2013-02-25 | 2014-08-28 | Qualcomm Incorporated | Establishing groups of internet of things (iot) devices and enabling communication among the groups of iot devices |
| US20150121066A1 (en)* | 2013-09-10 | 2015-04-30 | John A. Nix | Set of Servers for "Machine-to-Machine" Communications using Public Key Infrastructure |
| US20150121470A1 (en)* | 2013-10-25 | 2015-04-30 | Qualcomm Incorporated | Peer-to-peer onboarding of internet of things (iot) devices over various communication interfaces |
| US20150130957A1 (en)* | 2013-11-14 | 2015-05-14 | Qualcomm Incorporated | Method and apparatus for identifying a physical iot device |
| US9780954B2 (en)* | 2014-02-03 | 2017-10-03 | Tata Consultancy Services Ltd. | Computer implemented system and method for lightweight authentication on datagram transport for internet of things |
| US20160182459A1 (en)* | 2014-12-18 | 2016-06-23 | Afero, Inc. | System and method for securely connecting network devices |
| US20160205097A1 (en)* | 2015-01-12 | 2016-07-14 | Verisign, Inc. | Systems and methods for establishing ownership and delegation ownership of iot devices using domain name system services |
| US20160353305A1 (en)* | 2015-06-01 | 2016-12-01 | Kiban Labs, Inc. | Internet of things (iot) automotive device, system, and method |
Non-Patent Citations (1)
| Title |
|---|
| Wang et al., Performance Evaluation of Attribute-Based Encryption: Toward Data Privacy in the IoT, August 2014, IEEE International Conference on Communications, pp. 725-730 (Year: 2014)* |
Cited By (54)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10728043B2 (en)* | 2015-07-21 | 2020-07-28 | Entrust, Inc. | Method and apparatus for providing secure communication among constrained devices |
| US11102013B2 (en) | 2015-07-21 | 2021-08-24 | Entrust, Inc. | Method and apparatus for providing secure communication among constrained devices |
| US20170026185A1 (en)* | 2015-07-21 | 2017-01-26 | Entrust, Inc. | Method and apparatus for providing secure communication among constrained devices |
| US10574636B2 (en) | 2015-10-14 | 2020-02-25 | Mcafee, Llc | System, apparatus and method for migrating a device having a platform group |
| US11381396B2 (en) | 2015-10-14 | 2022-07-05 | Mcafee, Llc | System, apparatus and method for migrating a device having a platform group |
| US11635960B2 (en) | 2015-12-17 | 2023-04-25 | The Charles Stark Draper Laboratory, Inc. | Processing metadata, policies, and composite tags |
| US11340902B2 (en) | 2015-12-17 | 2022-05-24 | The Charles Stark Draper Laboratory, Inc. | Techniques for metadata processing |
| US11182162B2 (en) | 2015-12-17 | 2021-11-23 | The Charles Stark Draper Laboratory, Inc. | Techniques for metadata processing |
| US11782714B2 (en) | 2015-12-17 | 2023-10-10 | The Charles Stark Draper Laboratory, Inc. | Metadata programmable tags |
| US11507373B2 (en) | 2015-12-17 | 2022-11-22 | The Charles Stark Draper Laboratory, Inc. | Techniques for metadata processing |
| US10936713B2 (en)* | 2015-12-17 | 2021-03-02 | The Charles Stark Draper Laboratory, Inc. | Techniques for metadata processing |
| US11720361B2 (en) | 2015-12-17 | 2023-08-08 | The Charles Stark Draper Laboratory, Inc. | Techniques for metadata processing |
| US10516654B2 (en)* | 2016-03-15 | 2019-12-24 | Intel Corporation | System, apparatus and method for key provisioning delegation |
| US10528725B2 (en) | 2016-11-04 | 2020-01-07 | Microsoft Technology Licensing, Llc | IoT security service |
| US10972456B2 (en) | 2016-11-04 | 2021-04-06 | Microsoft Technology Licensing, Llc | IoT device authentication |
| US11928201B2 (en)* | 2016-12-22 | 2024-03-12 | Hid Global Cid Sas | Mobile credential with online/offline delivery |
| US10412581B2 (en)* | 2017-02-14 | 2019-09-10 | Ford Global Technologies, Llc | Secure session communication between a mobile device and a base station |
| US10579825B2 (en)* | 2017-03-17 | 2020-03-03 | Labyrinth Research Llc | Unified control of privacy-impacting devices |
| US11146643B2 (en)* | 2017-03-23 | 2021-10-12 | Ntt Communications Corporation | Message bus agent apparatus, signaling server, message bus management server, connection establishment method, and program |
| US11461478B2 (en) | 2017-04-07 | 2022-10-04 | At&T Mobility Ii Llc | Mobile network core component for managing security keys |
| US10687212B2 (en) | 2017-04-07 | 2020-06-16 | At&T Mobility Ii Llc | Mobile network core component for managing security keys |
| US11025627B2 (en)* | 2017-07-10 | 2021-06-01 | Intel Corporation | Scalable and secure resource isolation and sharing for IoT networks |
| WO2019067002A1 (en)* | 2017-09-26 | 2019-04-04 | Olympus Sky Technologies, S.A. | Secure communications using organically derived synchronized processes |
| US12159143B2 (en) | 2018-02-02 | 2024-12-03 | The Charles Stark Draper Laboratory | Systems and methods for policy execution processing |
| US12248564B2 (en) | 2018-02-02 | 2025-03-11 | Dover Microsystems, Inc. | Systems and methods for transforming instructions for metadata processing |
| US11977613B2 (en) | 2018-02-02 | 2024-05-07 | Dover Microsystems, Inc. | System and method for translating mapping policy into code |
| US11150910B2 (en) | 2018-02-02 | 2021-10-19 | The Charles Stark Draper Laboratory, Inc. | Systems and methods for policy execution processing |
| US12242575B2 (en) | 2018-02-02 | 2025-03-04 | Dover Microsystems, Inc. | Systems and methods for policy linking and/or loading for secure initialization |
| US11748457B2 (en) | 2018-02-02 | 2023-09-05 | Dover Microsystems, Inc. | Systems and methods for policy linking and/or loading for secure initialization |
| US11709680B2 (en) | 2018-02-02 | 2023-07-25 | The Charles Stark Draper Laboratory, Inc. | Systems and methods for policy execution processing |
| US20200213101A1 (en)* | 2018-02-12 | 2020-07-02 | Afero, Inc. | System and method for securely configuring a new device with network credentials |
| US11626974B2 (en)* | 2018-02-12 | 2023-04-11 | Afero, Inc. | System and method for securely configuring a new device with network credentials |
| US12373314B2 (en) | 2018-04-30 | 2025-07-29 | Dover Microsystems, Inc. | Systems and methods for executing state machine in parallel with application code |
| US11797398B2 (en) | 2018-04-30 | 2023-10-24 | Dover Microsystems, Inc. | Systems and methods for checking safety properties |
| US20210204128A1 (en)* | 2018-05-28 | 2021-07-01 | Carrier Corporation | End user inclusion and access of devices |
| US11875180B2 (en) | 2018-11-06 | 2024-01-16 | Dover Microsystems, Inc. | Systems and methods for stalling host processor |
| US12124566B2 (en) | 2018-11-12 | 2024-10-22 | Dover Microsystems, Inc. | Systems and methods for metadata encoding |
| US11841956B2 (en) | 2018-12-18 | 2023-12-12 | Dover Microsystems, Inc. | Systems and methods for data lifecycle protection |
| US12393677B2 (en) | 2019-01-18 | 2025-08-19 | Dover Microsystems, Inc. | Systems and methods for metadata classification |
| US11947649B2 (en)* | 2019-03-08 | 2024-04-02 | Master Lock Company Llc | Locking device biometric access |
| US20220261469A1 (en)* | 2019-03-08 | 2022-08-18 | Master Lock Company Llc | Locking device biometric access |
| US20220200973A1 (en)* | 2019-04-15 | 2022-06-23 | Bear System, LLC | Blockchain schema for secure data transmission |
| US20230043229A1 (en)* | 2019-04-15 | 2023-02-09 | Smart Security Systems, Llc | Enhanced monitoring and protection of enterprise data |
| US11483143B2 (en)* | 2019-04-15 | 2022-10-25 | Smart Security Systems, Llc | Enhanced monitoring and protection of enterprise data |
| US20230037520A1 (en)* | 2019-04-15 | 2023-02-09 | Smart Security Systems, Llc | Blockchain schema for secure data transmission |
| US20200328885A1 (en)* | 2019-04-15 | 2020-10-15 | Smart Security Systems, Llc | Enhanced monitoring and protection of enterprise data |
| US12079197B2 (en) | 2019-10-18 | 2024-09-03 | Dover Microsystems, Inc. | Systems and methods for updating metadata |
| US11582034B2 (en)* | 2019-12-16 | 2023-02-14 | Bull Sas | Secure, decentralized, automated platform and multi-actors for object identity management through the use of a block chain technology |
| US20210184845A1 (en)* | 2019-12-16 | 2021-06-17 | Bull Sas | Secure, decentralized, automated platform and multi-actors for object identity management through the use of a block chain technology |
| US11588629B2 (en)* | 2019-12-16 | 2023-02-21 | Bull Sas | Secure, decentralized, automated platform and multi-actors for object identity management through the use of a block chain technology |
| US12253944B2 (en) | 2020-03-03 | 2025-03-18 | Dover Microsystems, Inc. | Systems and methods for caching metadata |
| US12124576B2 (en) | 2020-12-23 | 2024-10-22 | Dover Microsystems, Inc. | Systems and methods for policy violation processing |
| WO2023116032A1 (en)* | 2021-12-21 | 2023-06-29 | 中兴通讯股份有限公司 | Networking method and device based on short-distance communication, and storage medium |
| US12438883B2 (en)* | 2023-05-17 | 2025-10-07 | Microsoft Technology Licensing, Llc | Region-based security policies for cloud resources |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107637011A (en) | 2018-01-26 |
| CN107637011B (en) | 2021-11-02 |
| EP3308497B1 (en) | 2019-08-28 |
| EP3308497A1 (en) | 2018-04-18 |
| EP3308497A4 (en) | 2018-12-26 |
| WO2016200659A1 (en) | 2016-12-15 |
| US10469464B2 (en) | 2019-11-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10469464B2 (en) | Self-configuring key management system for an internet of things network | |
| EP3308520B1 (en) | System, apparatus and method for managing lifecycle of secure publish-subscribe system | |
| US11736277B2 (en) | Technologies for internet of things key management | |
| US11477625B2 (en) | System, apparatus and method for scalable internet of things (IoT) device on-boarding with quarantine capabilities | |
| US11025627B2 (en) | Scalable and secure resource isolation and sharing for IoT networks | |
| US20160364553A1 (en) | System, Apparatus And Method For Providing Protected Content In An Internet Of Things (IOT) Network | |
| EP3308495B1 (en) | System, apparatus and method for group key distribution for a network | |
| CN107925567B (en) | System, apparatus and method for optimizing symmetric key caching using tickets | |
| US9998431B2 (en) | System, apparatus and method for secure network bridging using a rendezvous service and multiple key distribution servers | |
| CN109314705B (en) | System, apparatus and method for large scale scalable dynamic multipoint virtual private network using group encryption keys | |
| US20180176196A1 (en) | System, apparatus and method for migrating a device having a platform group | |
| US10355854B2 (en) | Privacy preserving group formation with distributed content key generation | |
| US20170272415A1 (en) | System, Apparatus And Method For Key Provisioning Delegation | |
| EP2741465B1 (en) | Method and device for managing secure communications in dynamic network environments |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| AS | Assignment | Owner name:INTEL CORPORATION, CALIFORNIA Free format text:ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:SMITH, NED M;REEL/FRAME:037289/0147 Effective date:20151203 | |
| AS | Assignment | Owner name:INTEL CORPORATION, CALIFORNIA Free format text:CORRECTIVE ASSIGNMENT TO CORRECT THE REMOVE APPLICATION NUMBERS 62172893 AND 62195409 PREVIOUSLY RECORDED AT REEL: 037289 FRAME: 0147. ASSIGNOR(S) HEREBY CONFIRMS THE ASSIGNMENT;ASSIGNOR:SMITH, NED M.;REEL/FRAME:037484/0473 Effective date:20151203 | |
| STPP | Information on status: patent application and granting procedure in general | Free format text:RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER | |
| STPP | Information on status: patent application and granting procedure in general | Free format text:FINAL REJECTION MAILED | |
| STPP | Information on status: patent application and granting procedure in general | Free format text:NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS | |
| STPP | Information on status: patent application and granting procedure in general | Free format text:PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED | |
| STCF | Information on status: patent grant | Free format text:PATENTED CASE | |
| MAFP | Maintenance fee payment | Free format text:PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment:4 |